The Business Case for Security

The recession has sparked a reduction in IT spending as everyone knows. Quite often, spending reductions have a tendency to hit security and control first, which is a mistake, but something that strangely often happens. As a result CIO's are often faced with a need to build a business case for their security programs and particularly their new initiatives. This is not always an easy task.

The operative word is "business". If the other C suite executives are going to be persuaded to contribute scarce resources to a security plan, they need to hear a business case. How the plan will help them to achieve the company's goals. So aspects of security like - it serves to minimize shut downs of service, which can cost big money in lost revenues and lost customers - need to be highlighted. Security helps to protect valuable property as well, which can be critical to an organization, particularly intellectual property. That's another useful and valid argument.

An article in Computerworld this month sets out five catagories of arguments like this. It's something that could be helpful to any number of CISs these days.